package com.chen.demoa.utils;
import com.google.common.collect.Maps;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Map;

/**
 * @Auther:
 * @Date: 2019/2/27 16:49
 * @Description: xss filter config
 */
@Configuration
public class XssConfig {
    @Bean
    public FilterRegistrationBean xssFilterRegistrationBean() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new XssFilter());
        filterRegistrationBean.setOrder(1);//filter order ,set it first
        filterRegistrationBean.setEnabled(true);
        filterRegistrationBean.addUrlPatterns("/*"); //set filter all url mapping
        Map<String, String> initParameters = Maps.newHashMap();
        initParameters.put("excludes", "/oauth/token");///white list url
        initParameters.put("isIncludeRichText", "true");//enable or disable
        filterRegistrationBean.setInitParameters(initParameters);
        return filterRegistrationBean;
    }
}